What's the best way in Pulumi to manage internal TLS certificates for something like Vault? https://www.pulumi.com/registry/packages/command/ looks promising, but I'm not sure if there's a more standard way

You can use the tls package

What's the goal? The TLS package allows you create certificates, but for storing them in a vault, I think you'll need the command package? I don't think the various vault providers provide a way to use a vault, just to create one?

We manage a private CA and create certs for: • our Vault clusters, which have their own SSL certs on the servers • our local development, where we point localhost to a domain name with SSL Last I checked in terraform-land the TLS provider didn't have support for some of the more recent TLS ciphers, but I'll gladly check again, thank you for the reminder Itay

Yes, apologies if I jumped the gun with the recommendation without asking more about the use case 🙂